Meeting Date
2023 April 19
Zoom Recording
Attendees
Callum Haslam
Bree-Ann Blazicevic
Agenda Items and Notes (including all relevant links)
General Comments
Review Comments on Credential Policy Template
Scope of Key Management question - limited to Issuer or not?
We must establish baseline requirements for the protection of private keys
The issuer is generating a private key? Only their own private key.
Refer to ecosystem governance guidelines for requirements.
There should be requirements for both Issuers and Subjects
Scott disagrees - once the issuer has issued a credential, issuer requirements are done.
VC Holder accepts responsibility as part of an agreement on the issuance of the VC by the Issuer.
Applicant can submit requirements to the Issuer.
Scott will provide the policy templates for higher levels of assurance.
The Issuer should assert the level of assurance at a minimum.
Levels of assurance identify countermeasures but do not identify the risks.
Transparency will be difficult for commercial providers to accept.
This will be a great focal point for all entities playing in the trust stack. LOA may play at different levels for different use cases.
We will identify the issues that will be out of scope for the issuance question and address them later.
There is some technical progress in interacting with the trust registries. This work will be relevant to that discussion.
There is an over-focus on trust registries, which doesn't cover the entire trust stack.
Request to tackle today
- Identify the framework of the group deliverables
- Determine the meeting cadence
We will be able to make some progress via Slack and other channels, but having a regular technical team meeting is beneficial, and an hour may not be enough time for the discussions.
Question for GLEIF - can you provide us with requirements for due diligence on the LEIs, leaving aside the VLEIs - this is a good basis for policy
GLEIF governance documents - Governance - GLEIF – GLEIF
Scott to follow up with them to see if they will brief the group next week.
We should ask them what they need to see to address their concerns.
A document in our folder contains links to important documents - please provide any relevant links there.
Registries will have codes of practice -
A metamodel would be beneficial - something to guide folks to understand the required elements of a governance policy.
What to do with comments on the template?
Large focus on human interaction in governance, but infrastructure and other elements must also be quantified from a trust perspective.
The meeting cadence will be weekly.